bear

joined 1 year ago
[–] bear@slrpnk.net 6 points 5 days ago (3 children)

Something you might want to look into is using mTLS, or client certificate authentication, on any external facing services that aren't intended for anybody but yourself or close friends/family. Basically, it means nobody can even connect to your server without having a certificate that was pre-generated by you. On the server end, you just create the certificate, and on the client end, you install it to the device and select it when asked.

The viability of this depends on what applications you use, as support for it must be implemented by its developers. For anything only accessed via web browser, it's perfect. All web browsers (except Firefox on mobile...) can handle mTLS certs. Lots of Android apps also support it. I use it for Nextcloud on Android (so Files, Tasks, Notes, Photos, RSS, and DAVx5 apps all work) and support works across the board there. It also works for Home Assistant and Gotify apps. It looks like Immich does indeed support it too. In my configuration, I only require it on external connections by having 443 on the router be forwarded to 444 on the server, so I can apply different settings easily without having to do any filtering.

As far as security and privacy goes, mTLS is virtually impenetrable so long as you protect the certificate and configure the proxy correctly, and similar in concept to using Wireguard. Nearly everything I publicly expose is protected via mTLS, with very rare exceptions like Navidrome due to lack of support in subsonic clients, and a couple other things that I actually want to be universally reachable.

[–] bear@slrpnk.net 2 points 5 days ago

I envy your life, as it feels like every year the browser assimilates and consumes more and more.

[–] bear@slrpnk.net 2 points 6 days ago* (last edited 6 days ago) (1 children)

A direct case was not reported in the UK in recent years, but evidence of very likely polio transmission was found in sewage samples two years ago:

https://nationalpost.com/news/world/polio-virus-found-in-uk-sewage-samples-risk-to-public-low

A similar situation happened in New York where an actual case was found a month later:

https://www.reuters.com/world/us/polio-found-new-york-wastewater-state-assesses-virus-spread-2022-08-01/

The short of it is, when vaccination rates fall, Polio can be reintroduced via transmission of the live virus found in the oral vaccine, usually taken in poorer countries. If someone were to take the oral vaccine and then immediately travel to a country with lessening vaccination rates, like is currently happening in the west due to the spread of right-wing conspiracy mongering, the live virus still in the vaccinated individual has a low but not zero chance of propagating to the unvaccinated or immune-compromised population there. Samples containing these vaccine-derived viruses are found a few times per year in most places, and it's a weaker virus so often it leads to no symptoms, but in very rare instances it does take hold with the expected effect:

https://www.who.int/emergencies/disease-outbreak-news/item/2022-DON366

Despite individual cases of polio turning up, either via direct reporting or evidence found elsewhere, it would still be correct to describe polio as being "eradicated" in these countries, at least currently. Nobody is confused by this or demands reclassification of the status of polio.

[–] bear@slrpnk.net 4 points 6 days ago (4 children)

I don't follow. We regularly refer to polio as being "eradicated", even though there have still been documented (but exceptionally rare) cases of polio transmission even in western countries over the last couple decades. That actually sounds like a perfectly apt comparison for the goals of prison abolition, just not in the way you intended.

[–] bear@slrpnk.net 4 points 6 days ago* (last edited 6 days ago) (6 children)

In short, prison abolition isn't about abolishing prisons?

Bad name choice in my opinion, as it immediately makes me think: what a dumb idea.

This is kind of like saying being anti-war is a dumb idea because there will surely always be wars fought in defense. Being anti-war isn't necessarily being an absolute pacifist. It's about opposing war and striving towards a future where war is a relic of the past. Everybody understands this, but struggles to apply the same logic to other topics.

Striving for intentionally utopian and impossible ideals is a great idea, actually, as long as you recognize it for what it is. I'm a prison abolitionist. Ultimately what I strive for is a society that doesn't need prisons. I don't know if total prison abolition is possible, but worst case scenario, we get as close as possible. What's so bad about that?

Similarly, I'm a communist, in the classical anarchist sense: abolition of state, class, and money. Are these things possible? Maybe not. In fact, probably not, at least not in any timeframe where humanity will be recognizable to us, as it would require true peace between all people and absolute post-scarcity in every way available to everyone. But worse case scenario, we get as close as possible.

Ultimately, adopting a utopian ideal is a recognition that the struggle to do better never ends. We're never "done". There's no end of history. Even if we do somehow achieve it, it must be maintained.

[–] bear@slrpnk.net 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

You're greatly overestimating how many people that is; additionally, it was largely people that aren't very committed to FOSS that got mad. The project maintainers and most users are fine with it. People who are committed to FOSS ideals are overwhelmingly progressive to leftist. That's why those codes of conduct were added in the first place, and were largely uncontroversial amongst most actual contributors of those projects.

[–] bear@slrpnk.net 5 points 2 weeks ago (3 children)

Agree with the former, not the latter.

[–] bear@slrpnk.net 12 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Use lemmy.ml how you want to use it, and if you want to participate in other political leanings, go to a different instance. No one is really stopping you, and that's the whole idea of the fediverse. And there really isn't any value lost, because this isn't a "choose one and only one" situation. You've got all of the fediverse at your fingertips.

Until you make the mistake of replying with the wrong kind of comment to the wrong sub, and get banned from the entire instance and lose the ability to post on many of the largest subs on this side of the fediverse. Or maybe they just see you out and about and decide to ban you on sight because they don't like what you said. There's nothing stopping that.

Admin overreach and abuse is a major issue for the fediverse because it affects more than just the user in question. Admins of large instances get to decide who has access to the users and communities on their instances, and very often the users of the instance aren't even aware of the actions taken on their behalf. Mastodon recently implemented a notification for when blocks and defederation remove your follows or followers, and this is a great first step. Users deserve to know when they are impacted by decisions such as these.

I love the fediverse and want to see it thrive, so we need to stop putting our heads in the sand on this issue. It's always discussed as if it's an issue with a few problematic instances rather than the systemic issue in need of a solution that is is. Admins need the tools to protect their instances from real abuse, but we need to balance that with the right of the users to know what's going on and not be unfairly deprived of the social aspect of this social media experiment, especially without knowing.

 

The founder of Drupal posted recently about this self-hosted and completely solar-powered personal site he made, in Boston of all places.

He describes the hardware, software, and the challenges he ran into while setting it all up. The site even includes automatically updating statistics about the system and battery. There's no backup or fail over, so if the battery drains due to cloudy or cold weather, the website will simply go offline for a while and he's fine with that.

[–] bear@slrpnk.net 3 points 4 weeks ago* (last edited 4 weeks ago)

I have no idea how you're getting packages older than Debian. Unstable is a rolling release and stable has a 6 month release cadence with no LTS. Were you pulling from an old dead repo? If you followed an outdated guide, they probably linked you to an old one.

I do agree that the learning curve is steep and the knowledge is nontransferrable though. In my case, that just encouraged me to unify all my systems onto NixOS at home. Not sure if that's a solution or addiction yet.

[–] bear@slrpnk.net 6 points 1 month ago

Seconding this, I do the same. It's a terrible sign that it took me longer to figure out how to successfully create VLANs and assign them to SSIDs in OpenWRT, which is a fairly simple concept, than it took me to learn basically anything about OPNSense, a vastly more powerful and complex tool.

I appreciate OpenWRT for giving me FOSS firmware I can slap on my AP, and I certainly don't want to come across as entitled to the free labor of the developers, but it's just objectively not very good from a UI/UX perspective.

[–] bear@slrpnk.net 1 points 3 months ago

I always come back to Smart Launcher. I grew up with category-based application menus on on PC, I can't stand having a giant unorganized app drawer. It's so cluttered and messy. I'm always surprised at how little mention it gets and instead everybody talks about these "minimalist" launchers that are literally just unorganized app drawers.

[–] bear@slrpnk.net 0 points 3 months ago* (last edited 3 months ago)

And of that 61%, only a third are directly investing. The rest get it as part of their compensation package for their work, which they can't benefit from without penalty until retirement. Additionally, it skews heavily by race. It's 66% of white families, but only 39% of black families and 28 percent of hispanic families. The amount invested follows similar trends.

https://www.pewresearch.org/short-reads/2024/03/06/a-booming-us-stock-market-doesnt-benefit-all-racial-and-ethnic-groups-equally/

 

Eelco has agreed to step down from the NixOS foundation board. Over the next two weeks, a constitutional assembly will be appointed to draft a constitution to democratically govern Nix/NixOS.

view more: next ›